Hi all, I have few sites which interconnected using a dedicated link. During these few weeks I've found that there are some mysterious traffic pass over my router with constant amount of bandwidth all over the time. I can know this because after working hours, only few applications are running and it did not generate this kind of traffic. Anyone can advice how to detect what kind of traffic that consumes those bandwith? I suspecting its a virus or something else because half of our clients are still using windows. TIA. -- --beast
On Friday 13 January 2006 11:10, Beast wrote:> Hi all, > > I have few sites which interconnected using a dedicated link. > During these few weeks I've found that there are some mysterious traffic > pass over my router with constant amount of bandwidth all over the time. > I can know this because after working hours, only few applications are > running and it did not generate this kind of traffic. > > Anyone can advice how to detect what kind of traffic that consumes those > bandwith?Run an ethereal/tcpdump capture session over night. Then it should be clear enough. /Peter> I suspecting its a virus or something else because half of our clients > are still using windows. > > TIA.-- ------------------------------------------------------------ Peter Kjellstr?m | National Supercomputer Centre | Sweden | http://www.nsc.liu.se -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20060113/2ef8868e/attachment-0005.sig>
Peter Kjellstr?m wrote:> On Friday 13 January 2006 11:10, Beast wrote: > >>Hi all, >> >>I have few sites which interconnected using a dedicated link. >>During these few weeks I've found that there are some mysterious traffic >>pass over my router with constant amount of bandwidth all over the time. >>I can know this because after working hours, only few applications are >>running and it did not generate this kind of traffic. >> >>Anyone can advice how to detect what kind of traffic that consumes those >>bandwith? > > > Run an ethereal/tcpdump capture session over night. Then it should be clear > enough. >I forget to add that the router interface is connected to ethernet switch. Still possible to run packet sniffer? -- --beast